← Voltar para CVEs
CVE-2019-10925
HIGH7.1
Descricao
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Valid user credentials, but no user interaction are required. Successful exploitation compromises integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
Detalhes CVE
Pontuacao CVSS v3.17.1
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado6/12/2019
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
siemens:simatic_mv420siemens:simatic_mv420_firmwaresiemens:simatic_mv440siemens:simatic_mv440_firmware
Fraquezas (CWE)
CWE-284
Referencias
http://www.securityfocus.com/bid/108725(productcert@siemens.com)
https://cert-portal.siemens.com/productcert/pdf/ssa-816980.pdf(productcert@siemens.com)
https://ics-cert.us-cert.gov/advisories/ICSA-19-162-02(productcert@siemens.com)
http://www.securityfocus.com/bid/108725(af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-816980.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-19-162-02(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.